Security Incidents: Re: Is it possible to derease gradually the number of Client port (add up time table) ?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Is it possible to derease gradually the number of Client port (add up time table) ?

From: Lionel Ferette <lionel.ferette () belnet be>
Date: Wed, 10 Mar 2004 18:08:50 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Todd, List,

In the wise words of Todd Jang, on Wednesday 10 March 2004 04:41:

I add up time table below logs which are blocked.
I dimly remember. someone said the reason decreased port number may
be a specific of O.S or application's logic operated in client.
Is there any reason Why The port number always has to increase ?

[SNIP Log]

Well, before you connect() to a socket, you can use bind() to request 
specific characteristics, like for example a specific IP address to 
use (useful in case of multi-homed hosts) or a port number. If the 
port number is specified, and if it is still free, the OS usually 
grants that port. If the port number is left unspecified, the OS 
chooses a free port, and these usually come in increasing order. So if 
the guy who wrote the scanner implemented a reverse loop to acquire 
ports, that can account for the behavior seen in your logs.

Might be to evade some IDS rules that check for connections with 
increasing port numbers...

HTH,

Lionel

- -- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin

Lionel Ferette
BELNET CERT Coordinator

Rue de la Science 4                    Tel: +32 2 7903333
1000 Brussels                          Fax: +32 2 7903335
Belgium                                PGP Key Id: 0x5662FD4B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAT0uqDd3gqVZi/UsRAngWAKCixW6zYjLefYPEVBa7o9n+1AMSiACdHOhI
67vyuR0J1wqgC4L58IqDC5A=
=afed
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_incidents_040301
----------------------------------------------------------------------------

By Date By Thread

Current thread:

Is it possible to derease gradually the number of Client port ? toddjang (Mar 09)
- RE: Is it possible to derease gradually the number of Client port ? Rob Shein (Mar 09)
  - RE: Is it possible to derease gradually the number of Client port (add up time table) ? Todd Jang (Mar 10)
    - RE: Is it possible to derease gradually the number of Client port (add up time table) ? Rob Shein (Mar 10)
    - Re: Is it possible to derease gradually the number of Client port (add up time table) ? Lionel Ferette (Mar 10)
    - Re: Is it possible to derease gradually the number of Client port (add up time table) ? Frank Knobbe (Mar 11)
    - Re: Is it possible to derease gradually the number of Client port (add up time table) ? Ben Timby (Mar 11)